Saturday, June 23, 2012

BeEF, what a tasty piece of meat: HackPra talk

On the 20th of June I gave a seminar at @HackPra at Bochum University, Germany.
First of all, thanks to Mario Heiderich and Marcus Niemietz for the invitation.

The talk went very well, covering several things:
  • communication channels: the default XHR-polling channel, and the new WebSocket channel;
  • XssRays integration: new enhancements (works with Webkit-based browsers that use XssAuditor, IE6 to 10);
  • abusing Chrome extensions: the Fake Flash Update module coded by Mike Haworth, and a few Chrome extension modules we have in BeEF (like the one you can use to inject the hook in all the open tabs). Imagine the impact of this (see screenshot below, where one of the tabs where the BeEF hook was injected is LinkedIn);

  • tunneling proxy: speed/performance enhancements while using WebSockets (4 to 5 times faster);
  • Evasion extension: for the first time, I presented the experimental Evasion extension. The aim of the extension is to obfuscate the hook and all code sent to the hooked browsers in order to evade passive regex-based filters. You can define your own obfuscation techniques and specify the order in which they are called. Right now we have 3 techniques: scramble (static string substitution, so that, for example, the string "beef" no longer appears in the hook), minify (awesome to save size) and base64. XOR is coming soon.
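
Seen from the filter's side, the Evasion extension described above explains why a passive regex applied to the raw body misses a base64 layer, and what peeling a bounded number of layers before matching recovers. This is an added example, not BeEF code or code from the talk; the signature, the sample bodies and all function names are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed signature: the literal string a naive passive filter looks for.
SIGNATURE = re.compile(rb"beef", re.IGNORECASE)
# Runs that look like base64 string literals inside a script body.
B64_LITERAL = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
MAX_DEPTH = 3  # bound the work: decode at most this many nested layers


def naive_match(body: bytes) -> bool:
    """Passive regex filter applied to the raw response body only."""
    return SIGNATURE.search(body) is not None


def layered_match(body: bytes, depth: int = 0):
    """Return the decoding depth at which the signature appears, else None."""
    if SIGNATURE.search(body):
        return depth
    if depth >= MAX_DEPTH:
        return None
    for literal in B64_LITERAL.finditer(body):
        try:
            decoded = base64.b64decode(literal.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 after all
        found = layered_match(decoded, depth + 1)
        if found is not None:
            return found
    return None


def wrap(body: bytes) -> bytes:
    """Build a constructed sample: the body carried as a base64 string literal."""
    return b'var p="' + base64.b64encode(body) + b'";'


# Constructed sample bodies (not real hook code).
PLAIN = b"var beef = {}; beef.init = function(){};"
ENCODED = wrap(PLAIN)
DOUBLE = wrap(ENCODED)
SCRAMBLED = b"var x9q = {}; x9q.init = function(){};"  # static substitution

if __name__ == "__main__":
    for name, body in [("plain", PLAIN), ("base64", ENCODED),
                       ("base64 x2", DOUBLE), ("scrambled", SCRAMBLED)]:
        print(f"{name:10} naive={naive_match(body)} layered={layered_match(body)}")
```

Decoding layers recovers the base64 cases, but the scrambled sample matches at no depth: static string substitution removes the signature itself, so a string-based filter needs to be backed by structural or behavioural indicators.
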
The talk went well, and as I promised there were a lot of live demos. Actually, only one demo was not live: I played again the Java mass pwner that uses RESTful API scripts, originally presented at AthCon 2012.

After the talk we all went to a GDATA building together with Karsten Tellmann, Felix @fluxfelix and other guys from @fluxfingers. Meeting Udo Strauch, the guy responsible for food and drinks, was a unique event :D His fine selection of rare beers was amazing: he particularly likes some rare beers (honestly I didn't know them) from Teo Musso, an Italian guy. The beers were really tasty and flavored, and 8 to 10 percent :D

We were partying hard until late in the night. The next day I met up with Reiners, Tilman Frosch, and partially followed (it was in encrypted German) Felix's awesome lecture about reversing.

To conclude, it was a great time. They really took good care of me. Definitely two non-conventional days for a university seminar. Really recommended to everyone (entrance was free as well of course).

You can enjoy the slides/recording here. This was the first time I could watch the recording of my talk the next day :D

